1. On 18 May 1998, a public meeting of the Security Policy Advisory Board (SPAB) was held at the Omni Hotel in Tucson, Arizona. Board Chairman General Larry Welch, USAF (Ret) presided with board members Ms. Nina Stewart and Rear Admiral Thomas Brooks, USN (Ret) present. Numerous members of the public were also in attendance and participated.
AGENDA ITEMS:
INTRODUCTION
2. The meeting was opened by Mr. Terry Thompson, Responsible Federal Officer, who welcomed all in attendance and introduced the Board. Mr. Thompson then outlined the origination and purpose of the Security Policy Board and the subsequent formation of the Security Policy Advisory Board. Chairman Welch took the floor and answered a query from a previous meeting, i.e. what kind of follow up occurs after an issue is brought to the attention of the SPAB? General Welch indicated that the Board is successful in influencing the process and effecting change through persistence and "nagging". He noted that the second item on the day's agenda, "Conflict Resolution and Closure in the NISP arena", is in direct response to an issue brought forward at the last SPAB meeting. He also indicated the policy making mechanism involves a large and diverse community and is moved only with persistent pressure--which the SPAB helps provide.
RECIPROCITY:
3. Mr. Dan Jacobson, Director, Security Policy Board Staff, was then introduced and addressed the issue of reciprocity. He indicated that Executive Order 10450 was promulgated in the 1950s and reviewed numerous times since then. These reviews produced little return until EO 12968 was promulgated in 1995 requiring that investigative standards and adjudicative guidelines for government wide use be developed Those guidelines were subsequently signed by the President in the Spring of 1998 and have facilitated the implementation of reciprocity. There are, however, remaining obstacles. Those obstacles are largely in the area of communication and administrative management Mr. Jacobson stated the notion of reciprocity is now widely accepted by both industry and government but implementation must reach down to the grass roots level of the community in order for it to be effective. He also indicated that reciprocity is not one monolithic organism but rather it is a multi-faceted answer to needs of sponsorship, suitability, physical security requirements and perhaps eventually employment issues.
4. Mr. Jacobson said that the Security Policy Board met on 2 April 1998 and focused intensely on the reciprocity issue. The SPB has charged the Security Policy Forum to establish benchmarks and timelines for the achievement of reciprocity and report back to the SPB co-chairs by the end of June.
5. Mr. Jacobson closed by indicating that, as always, industry's voice in this matter is a needed and welcome one.
CONFLICT RESOLUTION AND CLOSURE IN THE NISPAC:
6. Mr. Rudolph Waddy, Information Security Oversight Office, then addressed the group. He stated the existing mechanism for conflict resolution consists first of calling a conflict to the attention of the Chair who subsequently offers a appropriate motion to the full committee. The chair then contacts the relevant agency and requests appropriate follow up while monitoring the entire process. Mr Waddy noted that the NISPAC is an advisory board only and has no consequent power to overrule existing practice.
7. Mr Bill Leonard, Department of Defense, was then introduced. He indicated that DOD is the executive agent for the NISPAC and that the most contentious issue facing the committee is Chapter Eight--dealing with automated information assurance. This issue has been on every meeting agenda since 1994 and needs closure. Industry prefers a performance based approach to INFOSEC which is not so specific that it will disallow adaptation to rapidly changing technology. Mr. Leonard indicated the larger contractors tend to maintain their own security and information technology expertise and generally have the capacity to securely handle data--electronic and otherwise. Smaller contractors may need more specific guidance and for this reason a two track document is currently under consideration A handbook for smaller contractors would provide guidance in lieu of a mandate and a higher level document, presumably with more sophisticated guidance, would be provided larger contractors.
8. When queried by the Board as to what the specific conflict resolution device for dealing with this issue was and why was it not actuated in the past four years, Mr. Leonard responded that the problem was not the deficiency of any mechanism but rather a failure on the part of the committee to appropriately present the issue for decision by senior management. This failing was compounded by the discontinuity of DOD senior management in the last several years. Mr. Leonard then related that the current management of C3I is supportive of forward movement in the Chapter 8 arena and that he is optimistic that the issue will now be rapidly resolved. The Board further asked if the two documents are in consonance how is it determined which one is applicable in a given instance? Mr. Leonard replied that it is the prerogative of the contractor to make that choice. A public attendee asked when the Chapter Eight document might be committed to paper and he was advised that by early Summer 98 the initial document should be drafted. Another questioner asked when the actual changes to the NISPOM would be final and was advised that the end of the calendar year served as the objective.
THREAT DATA:
9. Mr. Steve Argubright, National Counterintelligence Center (NACIC) was then introduced and began a discussion of the prevailing threat situation. He indicated that the current threat lies primarily in the area of drugs, terrorism, proliferation of weapons of mass destruction, information warfare, international organized crime and regional conflicts. He stated that the major players involved in these issues are Russia, North Korea, China and Iraq. In addition, there are several transnational groups which are also dangerously involved in these issues. China is a source of chemical weapons for Iran and is an economy and nation in transition--although no prospect of China forsaking its current political structure is foreseen. North Korea is developing long range missiles equipped with chemical agents which could threaten to destabilize the region. There is also a growing tendency for transnational terrorist groups to seek out chemical. and biological weapons-- as was done in the subways of Japan. Russia is believed to be involved in the exploitation of illicit drug trafficking as well as a supplier of weapons to rogue nations. Iran remains significant as a source of state supported terrorism and is aggressively seeking weapons of mass destruction.
10. Iraq remains a threat and still conceals its weapons of mass destruction. Regional trouble spots such as India/Pakistan, Bosnia and the Aegean also present potential threats. Mr Argubright indicated that no reduction of Russian intelligence activities has been noted since the end of the Cold War. There has been an increase in the targeting of Western businessmen/women and a total of twenty three nations target the U.S. for economic/technological information.
11. A participant asked if threat data could be made available to industry and Mr. Argubright answered it could be within the constraints of classification and using such vehicles as theme seminars. The board asked whether there is an existing database which contains up to date threat information as was recommended by the Joint Security Commission and the NACIC Advisory Group. Mr. Argubright indicated there is a database but its accessibility is quite limited due to security concerns. Mr. Jacobson added that the Extranet for Security Professionals will shortly be available and NACI has plans to employ ESP as a vehicle for maintenance of threat dada for industry.
OPEN FORUM DISCUSSION:
12. Cindy Conlon then addressed the group and stated the MOU signatories function as a conduit between the SPB structure and industry. They meet frequently, sometimes twice per week (telephonically), to discuss policy issues pertinent to industry and all are encouraged to participate. Mr. Bernie Lamoureux is the industry representative to the Policy Integration Committee and the Forum and Mr. Bill Kotapish is the representative to the Personnel Security Committee. Ms. Conlon was laudatory of the efforts of the SPB, its staff and attending committees. The Board asked Ms. Conlon how industry currently forwards resolutions and she replied through ISOO or, more recently, through the SPB structure.
13. Mr. Ed Halibozek, industry representative to the NISPAC then addressed the group. He indicated that whenever there has been a lack of agreement in the NISPAC forward progress has stopped. He indicated this occurred in consideration of Chapter 10 as well as Chapter 8. He stated a greater degree of engagement is required on the part of senior management. The Board queried whether the dispute resolution mechanism is adequate or whether we're really skirting the issue. Mr. Halibozek indicated the SPB structure would be an excellent dispute resolution methodology but to date stalemated issues have not been presented there. A participant then asked if the SPB structure was the appropriate place for such controversies to which Mr. Jacobson replied that it could be. Another participant then raised the point that controversies regarding physical security were resolved due to the presence of the Facilities Protection Committee. The absence of a corresponding committee for Infosec may account for the difficulty in resolution. Mr. Dick Williams then indicated that DOD will work to address the concerns of industry relative to dispute resolution. However, if they are not successful in improving the process by the next SPAB meeting in September, then dispute resolution will move to the SPB process.
14. Mr. Bernie Lamoureux, MOU, then took the floor and addressed the critical issue of reciprocity. He related that reciprocity in the physical security arena appears to be functioning very well. There has been progress in the personnel security theater but significantly more forward movement is needed. Reciprocity for SAPS is a dire need. While reciprocity within programs is now a reality, full lateral mobility among programs is yet to be accomplished. In addition, he indicated there are too many non-disclosure agreements to be signed and urged the development of one form to be used interchangeably among agencies and programs. The Board noted that the appropriate policies are in place but full implementation of reciprocity is still to come and will require continued attention. Reciprocity between and among SAPS will also require focused attention and increased pressure.
15. A participant stated the SSBI is a fundamental underpinning of reciprocity and expressed concern over any intention to depart from it. Mr. Steve Schantzer, Director of the Defense Security Service (DSS) and an attendee, noted that DSS has not experimented with changing any standards pertinent to the SSBI but rather has considered different approaches to collection methodology. Another questioner asked whether any potential changes had been coordinated with industry. Mr. Schantzer indicated that, since there was no change in policy, no coordination was necessary. The questioner indicated that industry is opposed to widespread use of the telephone in conducting investigations. The Board added that use of the telephone should occur only with the consent of the interviewee and that telephone interviews ought to be conducted only in cases with no derogatory or noteworthy information. The Board also noted that reciprocity ought to be a key consideration in contemplation of policies and practices relevant to telephone interviews.
16. Mr. Don Wall, MOU, then addressed the gathering and stated there have been three efforts to re-write Chapter Eight. Two have failed because no buy-in was obtained. The Board observed that there is always dissent when decisions are forwarded to senior management and it is their responsibility to consider the dissenting views, make a decision and move forward.
17. Rich Grau, MOU, and an industry participant in the ISWG which is focusing on DCID 1/16, indicated a review of the manual revealed 210 technical comments, 20% of which were actually management issues. He reiterated the need for a performance based document and stated the current version is not user friendly. What is needed is a document which is not confining and restrictive of the capacity to adapt to fast changing technology. A participant indicated that the true customer for this effort is the intelligence community and consequently their needs must be predominant. He suggested the two document approach might provide the best alternative. The Board also opined that it might actually be more efficient to craft two documents rather than one.
18. Joe Reynolds then assumed the podium and stated that the term "Agent of the Government" used in certain contracts is one which industry would prefer to disassociate from. There are legal liabilities implicit in the use of the term and industry is not anxious to assume such liabilities. Mr. Reynolds emphasized that this is a substantial and long standing industrial concern and encouraged legal research to define the term and its implications.
19. There was no further commentary and Mr. Thompson closed the meeting at 1645 hours.